

Multiple bugs in MailEnable
updated since March 20, 2006
Published: March 21, 2006
Source:
SecurityVulns ID: 5914
Type: remote
Severity: 5/10
Description: POP3 authentication problem, cross-site scripting, information leak.
Affected products: MAILENABLE : MailEnable Standard 1.93
 MAILENABLE : MailEnable Professional 1.73
 MAILENABLE : MailEnable Enterprise 1.21
CVE: CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.)
 CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337.)
 CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.)
Original text: noreply_(at)_musecurity.com, [Full-disclosure] [MU-200603-01] MailEnable POP3 Pre-Authentication Buffer Overflow (21.03.2006)
 SECUNIA, [SA19288] MailEnable Webmail and Unspecified POP Vulnerabilities (20.03.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod